+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
Internet Related/Filtering/Firewall Thread, Anyone updated the certificate keys for Adito, Openvpn ALS in Technical; I am playing with Adito, which is a mighty fantastic vpn / rdp tool, but the default certificate key is ...
  1. #1

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64

    Anyone updated the certificate keys for Adito, Openvpn ALS

    I am playing with Adito, which is a mighty fantastic vpn / rdp tool, but the default certificate key is not very secure.

    I am looking at ways of updating the cert keys and wondered if anyone had done this already? If so do you have any pointers.

    Thanks

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    I did do it, it was very fiddly but possible,

    I can't remember how I think just generated new csr using openssl.

    Toby

  3. #3

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    Not having done anything like this before so might need a bit of help.

    The school do not have a signed cert so I will be creating a self signed cert. I found a few free programs that can do this like openssl but also found this tool,
    KeyStore Explorer - Home KeyTool explorer which looks like it uses the same java key system as Adito.

    I am not 100% sure what to do next and I cant seem to find much info on the net.

    I will play and see what I can come up with, but if you have any advice before I start it would be very welcome.

  4. #4

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Rather then use self signed get one.from IPSCA they are free but are only trusted on Windows and but not in ff.

    Free for education

  5. #5
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,142
    Thank Post
    126
    Thanked 326 Times in 275 Posts
    Rep Power
    81
    JANET do free certs for schools now - just apply through your LEA/Broadband Consortium

  6. #6

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    on the IPSCA website it says:

    All certificate requests (CSR) must contain an Organization Name (O) that is exactly the same that appears at public domain name registries as the owner of the domain. The company name IN THIS FORM and contact information must also be the same.
    Do they simply need the full school name or the registered domain name which would be schoolname.sch.uk

  7. #7

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    Also on the cert form it asks for server type and gives a long list of server types. What would you recommend for Adito? I am running Adito on a win XP box if that makes any difference.

    Thanks

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Quote Originally Posted by edutech4schools View Post
    Also on the cert form it asks for server type and gives a long list of server types. What would you recommend for Adito? I am running Adito on a win XP box if that makes any difference.

    Thanks
    erm I think i just put other - I also needed to convert the cert using this and the IPSCA global root cert

    https://www.sslshopper.com/ssl-converter.html

    with regards to the OU name its what is registered with nominet as. for Example here, mines The Weald School.

  9. Thanks to glennda from:

    edutech4schools (16th April 2012)

  10. #9

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    Thank you for your help so far glennda.

    I have another few question, hopefully I will not need to bother you to much after this.

    On the cert request page it is asking me to paste my csr info in to a blank box. What is the best way to get the csr?

    I was also wondering if Adito has a favourite key length, the certs come with a minimum of 1024-bit. What would you recommend?

  11. #10

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Adito will generate the CSR for you, if you log in as admin under configuration is SSL certificates and then top right is download CSR.

    Adito will give you the key at 1024.

    Toby

  12. #11

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    Just sent the cert request, so fingers crossed.

  13. #12

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    ok got my certificates.

    Do you have any step by steps for the next few stages?

    After downloading the cert I was asked to rename it to .cer or .crt The .crt is for apache. Do you know which I should choose.

    Next I presume it needs to be converted using the website tool you posted. So I might have a few other questions.

    Thanks for the help so far.

  14. #13

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    Well I am having a major issue trying to convert the cert.

    https://www.sslshopper.com/ssl-converter.html

    I upload the cert to be converted as a PEM (is this correct)
    I then select PKCS#12 as the format I need (is this correct)

    It then asks for
    Privet key file
    chain cert file (optional)
    chain cert file 2 (optional)

    from the cert company I have downloaded
    cert.cer
    ipsCAGlobal.crt
    ipsCALEVEL1CA.crt

    I also downloaded a bundle file that has both ipsCAGlobal.crt and ipsCALEVEL1CA.crt in one.

    I am getting this error
    There was a problem converting that certificate. It may be corrupt or it may be in a different format than the one you selected.
    I just seem to be going round and round and really need some help.

  15. #14

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    I'm pretty sure thats all i did - have you treid with just one of the chain cert files? the IPSCALevel1CA crt and just your cert?

  16. #15

    Join Date
    Apr 2010
    Posts
    1,832
    Thank Post
    62
    Thanked 161 Times in 133 Posts
    Rep Power
    64
    Which file should I upload for the Privet key file?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. SSL-Explorer, Adito, OpenVPN ALS
    By edutech4schools in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 16th November 2011, 08:04 PM
  2. [Fog] Anyone know the release date for fog version 0.30
    By bart21 in forum O/S Deployment
    Replies: 8
    Last Post: 24th February 2011, 01:36 PM
  3. Trouble installing the licence key for ComicLife
    By Tricky_Dicky in forum Windows
    Replies: 1
    Last Post: 9th January 2011, 06:20 PM
  4. Anyone know the going price for....
    By nephilim in forum Our Advertisers
    Replies: 6
    Last Post: 24th June 2009, 03:12 PM
  5. lost the key for rm systembase server
    By amyr in forum Hardware
    Replies: 6
    Last Post: 24th January 2007, 08:53 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •